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REMARKS 

Claims 24-54 were examined and reported in the Office Action. Claims 24-54 are 
rejected. Claims 24-30, 33, 35, 37-38, 43, 46, 48 and 50 are amended. Claims 24-54 
remain. 

Applicant requests reconsideration of the application in view of the following 
remarks. 

I. In the Drawings 

Figures 4, 5, and 6 are objected to in the Office Action for failing to include 
reference signs mentioned in the description in compliance with 37 CFR 1.84(p)(5). 
Applicant has amended the drawings and specification to overcome the drawing 
objections. Corrected replacement sheets for Figures 6 and 7 are included with this 
response. Applicant notes that reference number 635 is mentioned in the original 
disclosure at page 9, line 13. Approval is respectfully requested. 

II. Summary 

Applicant notes that it is asserted in the Office Action that the specification is 
objected for not including a section entitled "Brief Summary of the Invention." 
Applicant notes that 37 CFR §1. 77(b) asserts that the specification "should include" a 
"Brief Summary of the Invention." Applicant respectfully traverses the aforementioned 
objection for the following reasons. 

Applicant notes that 37 CFR §1. 77(c) asserts that "[t]he text of the specification 
sections defined in paragraphs (b)(1) through (b)(ll) of this section, if applicable, 
should be preceded by a section heading in uppercase and without underlining." 
(Emphasis added). Applicant notes that 37 CFR §1.73 asserts that "Such summary 
should, when set forth, be commensurate with the invention as claimed and any object 
recited should be that of the invention as claimed. (Emphasis added). Applicant also 
notes that MPEP section 608.01(d) asserts that "[a] brief summary of the invention 
indicating its nature and substance, which may include a statement of the object of the 
invention, should precede the detailed description. Such summary, should, when set 



Application No. 09,753,257 

Page 9 



forth, be commensurate with the invention as claimed and any object recited should be 
that of the invention as claimed/' (Emphasis added). The plain English meaning of the 
terms "when set forth" indicate that the summary need not be included in an 
application. Since 37 CFR §1. 77(c) uses the terms " if applicable: ' 37 CFR §1.73 and 
MPEP section 608.01(d) asserts " when set forth/ ' it is clear that inclusion of a Brief 
Summary of the Invention section is not mandatory. Since the MPEP follows the 
language of the CFR, and includes the terms "when set forth," there is no indication, 
whatsoever, that a Brief Summary of the Invention section must mandatorily be 
included in an application for patent. Therefore, according to the CFR and MPEP, 
Applicant elects not to include a "Brief Summary of the Invention." Applicant also 
notes that according to 37 CFR §1. 77(c), sections indicated in 37 CFR §1.77(b)(l)-(b)(ll) 
that are not applicable need not be included in the application. 

Accordingly, withdrawal of the specification objection for not including a "Brief 
Summary of the Invention" is respectfully requested. 

III. 35 U.S.C. 5101 

It is asserted in the Office Action that claims 24-42 are rejected under 35 U.S.C. 
§101 because the claimed invention is directed to non-statutory subject matter. 
Applicant has amended the claims to overcome the 35 U.S.C. §101 rejection. 

Accordingly, withdrawal of the 35 U.S.C. §101 rejections for claims 24-42 are 
respectfully requested. 

IV. 35 U.S.C. S112, Second Paragraph 

A. It is asserted in the Office Action that claim 27 is rejected under 35 U.S.C. §112, 
second paragraph, as being incomplete for omitting essential steps, i.e. stating where 
the "old password" comes or its relationship to the current password. Applicant has 
amended claim 27 to overcome the 35 U.S.C. §112, second paragraph rejection. 

Accordingly, withdrawal of the 35 U.S.C. §112, second paragraph rejection for 
claim 27 is respectfully requested. 
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B. It is asserted in the Office Action that claims 32-35, 39, 45-48, and 51 are rejected 
under 35 U.S.C. §112, second paragraph, as being indefinite for failing to particularly 
point out and distinctly claim the subject matter. Applicant has amended the claims to 
overcome the 35 U.S.C. §112, second paragraph rejection. 

Applicant notes that one of ordinary skill in the use of passwords or encryption 
regarding passwords would know that the term "strong password" has a standard 
meaning in the art. Applicant gives as evidence of the standard meaning the following: 

From the website: http://www.webopedia.eom/TERM/S/strong_password.html 

Strong Password "(strang pas'werd) (n.) A password that is difficult to detect by both 
humans and computer programs, effectively protecting data from unauthorized access. 
A strong password consists of at least six characters (and the more characters, the 
stronger the password) that are a combination of letters, numbers and symbols (@, #, $, 
%, etc.) if allowed. Passwords are typically case-sensitive, so a strong password contains 
letters in both uppercase and lowercase. Strong passwords also do not contain words 
that can be found in a dictionary or parts of the user's own name/ 7 

From the website 

http: / /searchwin2000.techtarget.com/gDefinition/0%2C294236%2Csidl gci914537%2 
COO.html 

"A strong password is one that is designed to be hard for a person or program to 
discover. Because the purpose of a password is to ensure that only authorized users can 
access resources, a password that is easy to guess is a security risk. Essential 
components of a strong password include sufficient length and a mix of character 
types." 

From the website http:/ / www.uis.edu/ cts/netid/ 

"The University of Illinois Interim Security Policy requires the use of strong user 
passwords wherever possible. Strong passwords are required on both campus NetlDs 
and EnterpriselDs. . . . 
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The definition of a strong password is as follows: 

* The password must contain at least one UPPER CASE letter. 

* The password must contain at least one LOWER CASE letter. 

* The password must contain at least one DIGIT: ( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 ) 

* Passwords cannot contain any part of your network account (username), more 
commonly known as your NetID 

* The password must be at least eight characters long. 

* The password cannot be any of your three previous passwords. 

* The password cannot contain any common word or proper name greater than 
three characters in length/ 7 (Emphasis added). 

Accordingly, withdrawal of the 35 U.S.C. §112, second paragraph rejection for 
claims 32-35, 39, 45-48, and 51 are respectfully requested. 

V. 35 U.S.C. 6 102(e) 

A. It is asserted in the Office Action that claims 30, 32, 33, 36, 38, 39, 43, 45, 46, 49 
and 51 are rejected under 35 U.S.C. § 102(b), as being anticipated by U. S. Patent No. 
6,064,736 issued to Davis et al. ("Davis"). Applicant respectfully traverses the 
aforementioned rejection for the following reasons. 

According to MPEP §2131, "'[a] claim is anticipated only if each and every 
element as set forth in the claim is found, either expressly or inherently described, in a 
single prior art reference/ ( Verdegaal Bros, v. Union Oil Co. of California, 814 F.2d 628, 
631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987)). 'The identical invention must be shown in 
as complete detail as is contained in the ... claim/ ( Richardson v. Suzuki Motor Co., 868 
F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989)). The elements must be arranged 
as required by the claim, but this is not an ipsissimis verbis test, i.e., identity of 



Application No. 09,753,257 
Page 12 



terminology is not required. ( In re Bond, 910 F.2d 831, 15 USPQ2d 1566 (Fed. Cir. 
1990))." 

Applicant's amended claim 30 contains the limitations of "[a] method performed 
by a machine comprising: generating a hash from a particular salt value associated with 
a specific software application and input data; generating a password from the hash; 
and returning the password to the software application to gain entry to the software 
application." 

Applicant's amended claim 43 contains the limitations of "[a] program storage 
device readable by a machine comprising instructions that cause the machine to: 
generate a hash from a particular salt value associated with a specific software 
application and input data; generate a password from the hash; and return the 
password to the software application to gain entry to the software application." 

Davis discloses a two party key authentication and verification where data is 
allowed to flow between a client and a server after verification. Davis discloses a nonce 
and the User ID of the client is sent to the server where the server creates a random 
secret value to be used in a DES algorithm to set up the encrypted session. The nonce in 
Davis, if compared to a salt in Applicant's claimed invention, is not a particular nonce 
that is associated with a specific software application. In fact, since a nonce is based on 
time or can be a time stamp, it is hardly likely that a particular nonce could ever be 
associated with a specific software application. 

Therefore, since Davis does not disclose, teach or suggest all of Applicant's 
amended claims 30 and 43 limitations, Applicant respectfully asserts that a prima facie 
rejection under 35 U.S.C. § 102(e) has not been adequately set forth relative to Davis. 
Thus, Applicant's amended claims 30 and 43 are not anticipated by Davis. 
Additionally, the claims that directly or indirectly depend on claims 30 and 43, namely 
claims 32, 33, 36, 38 and 39, and 45, 46, 49 and 51, respectively, are also not anticipated 
by Davis for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 102(b) rejections for claims 30, 32, 33, 
36, 38, 39, 43, 45, 46, 49 and 51 are respectfully requested. 
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B. It is asserted in the Office Action that Claims 24-26. 28-30, 32, 33, 35-38, 43, 45, 46, 
and 48-50 are rejected in the Office Action under 35 U.S.C. § 102(e) as being anticipated 
by, or in the alternative, under 35 U.S.C. 103(a) as obvious over U. S. Patent No. 6,141, 
760 issued to Abadi et al. ("Abadi") in view of Menezes, "Handbook of Applied 
Cryptography," 1997 page 390. Applicant assumes the Office Action meant either 
Abadi or Menezes regarding the 35 U.S.C. §102(e) rejection. (Note Applicant addresses 
the 35 U.S.C. 103(a) rejection below in section VI. Regarding the 35 U.S.C. § 102(e) 
rejection, Applicant respectfully traverses the aforementioned rejection for the 
following reasons. 

Applicant's amended claim 24 contains the limitations of "[a] method performed 
by a machine comprising: receiving a user password; receiving a name of an 
independent software application that requires a password for a user to use the 
software application; determining a specific salt value associated with the software 
application; computing a software application dependent password for a user, wherein 
the software application dependent password depends on the user password and the 
salt value for the software application; and returning the software application 
dependent password to the software application." 

Applicant's amended claim 30 contains the limitations of "[a] method performed 
by a machine comprising: generating a hash from a particular salt value associated with 
a specific software application and input data; generating a password from the hash; 
and returning the password to the software application to gain entry to the software 
application." 

Applicant's amended claim 43 contains the limitations of "[a] program storage 
device readable by a machine comprising instructions that cause the machine to: 
generate a hash from a particular salt value associated with a specific software 
application and input data; generate a password from the hash; and return the 
password to the software application to gain entry to the software application." 

Abadi discloses generating passwords for password controlled access points. 
Abadi uses a master password, an access password and a user name. The master 



Application No. 09,753,257 
Page 14 



password, service name and user name are combined using an irreversible function, 
e.g., a hash function, to generate a unique password. Abadi, however, does not teach, 
disclose or suggest "determining a specific salt value associated with the software 
application/' "generating a hash from a particular salt value associated with a specific 
software application and input data/' or "generate a hash from a particular salt value 
associated with a specific software application and input data." 

Therefore, since Abadi does not disclose, teach or suggest all of Applicant's 
amended claims 24, 30 and 43 limitations, Applicant respectfully asserts that a prima 
facie rejection under 35 U.S.C. § 102(e) has not been adequately set forth relative to 
Abadi. Thus, Applicant's amended claims 24, 30 and 43 are not anticipated by Abadi. 
Additionally, the claims that directly or indirectly depend on claims 24, 30 and 43, 
namely claims 25-26 and 28-29, 32, 33 and 35-38, and 45-46 and 48-50, respectively, are 
also not anticipated by Abadi for the same reason. 

Menezes discloses basic encryption techniques, such as slowing down password 
mapping, salting passwords and extending passwords to passphrases. Menezes, 
however, does not teach, disclose or suggest "determining a specific salt value 
associated with the software application," "generating a hash from a particular salt 
value associated with a specific software application and input data," or "generate a 
hash from a particular salt value associated with a specific software application and 
input data." 

Therefore, since Menezes does not disclose, teach or suggest all of Applicant's 
amended claims 24, 30 and 43 limitations, Applicant respectfully asserts that a prima 
facie rejection under 35 U.S.C. § 102(e) has not been adequately set forth relative to 
Menezes. Thus, Applicant's amended claims 24, 30 and 43 are not anticipated by 
Menezes. Additionally, the claims that directly or indirectly depend on claims 24, 30 
and 43, namely claims 25-26 and 28-29, 32, 33 and 35-38, and 45-46 and 48-50, 
respectively, are also not anticipated by Menezes for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 102(e) rejections for claims 24-26, 28- 
30, 32, 33, 35-38, 43, 45, 46, and 48-50 are respectfully requested. 
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VI. 35 U.S.C. 6 103(a) 

A. It is asserted in the Office Action that Claims 24-26. 28-30, 32, 33, 35-38, 43, 45, 46, 
and 48-50 are rejected in the Office Action under 35 U.S.C. § 103(a) as being obvious 
over Abadi in view of Menezes. Applicant respectfully traverses the aforementioned 
rejection for the following reasons. 

According to MPEP §2142 "[t]o establish a prima facie case of obviousness, three 
basic criteria must be met. First, there must be some suggestion or motivation, either in 
the references themselves or in the knowledge generally available to one of ordinary 
skill in the art, to modify the reference or to combine reference teachings. Second, there 
must be a reasonable expectation of success. Finally, the prior art reference (or 
references when combined) must teach or suggest all the claim limitations. The 
teaching or suggestion to make the claimed combination and the reasonable expectation 
of success must both be found in the prior art, and not based on applicant's disclosure/' 
(InreVaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 1991)). Further, according to 
MPEP §2143.03, "[t]o establish prima facie obviousness of a claimed invention, all the 
claim limitations must be taught or suggested by the prior art. ( In re Royka, 490 F.2d 
981, 180 USPQ 580 (CCPA 1974)." "All words in a claim must be considered in judging the 
patentability of that claim against the prior art." ( In re Wilson, 424 F.2d 1382, 1385, 165 
USPQ 494, 496 (CCPA 1970), emphasis added.) 

As discussed above in section V(B), neither Abadi nor Menezes teach, disclose or 
suggest "determining a specific salt value associated with the software application," 
"generating a hash from a particular salt value associated with a specific software 
application and input data," or "generate a hash from a particular salt value associated 
with a specific software application and input data." 

Therefore, even if Abadi were combined with Menezes, the resulting invention 
would still not include all of Applicant's claimed limitations. Since neither Abadi, 
Menezes, nor the combination of the two, teach, disclose or suggest all the limitations of 
Applicant's amended claims 24, 30 and 43, as listed above, there would not be any 
motivation to arrive at Applicant's claimed invention. Thus, Applicant's amended 
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claims 24, 30 and 43 are not obvious over Abadi in view of Menezes since a prima facie 
case of obviousness has not been met under MPEP §2142. Additionally, the claims that 
directly or indirectly depend from amended claims 24, 30 and 43, namely claims 25-26 
and 28-29, 32, 33 and 35-38, and 45-46 and 48-50, respectively, would also not be 
obvious over Abadi in view of Menezes for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 103(a) rejections for claims 24-26, 28- 
30, 32, 33, 35-38, 43, 45, 46, and 48-50 are respectfully requested. 

B, It is asserted in the Office Action that claim 27 rejected in the Office Action under 
35 U.S.C. § 103(a) as being unpatentable over U.S. Patent No. 6,141,760 to Abadi et al. in 
view of Menezes, and further in view of U. S. Patent No. 5,719,941 issued to Swift et al. 
("Swift")- Applicant respectfully traverses the aforementioned rejection for the 
following reasons. 

Applicant has discussed Abadi and Menezes above in section V(B) regarding 
amended claim 24, from which claim 27 indirectly depends on. 

Swift discloses a method for changing an account password stored at a 
physically remote location. A user submits both an old and a new password to its client 
machine and the client computes two message values. The first message is computed 
by encrypting the new password using a one-way hash of the old password as an 
encryption key. The second message is computed by encrypting the one-way hash of 
the old password using a one-way hash of the new clear text password as the 
encryption key. The server computes a first decrypted value by decrypting the first 
message using the one-way hash of the old password, previously stored at the server, as 
the decryption key. The server computes a second decrypted value by decrypting the 
second message using a one-way hash of the first decrypted value as the decryption 
key. The server compares the decrypted one-way hashed value, transmitted in 
encrypted form in the second message, to the pre-stored hashed old password. If the 
two values are equal, then the server replaces the old password by the new password. 

Swift, however, does not teach, disclose or suggest "determining a specific salt 
value associated with the software application/' "generating a hash from a particular 
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salt value associated with a specific software application and input data," or "generate a 
hash from a particular salt value associated with a specific software application and 
input data/' 

Therefore, even if Abadi and Menezes were combined with Swift, the resulting 
invention would still not include all of Applicant's claimed limitations. Since neither 
Abadi, Menezes, Swift nor the combination of the three, teach, disclose or suggest all 
the limitations of Applicant's amended claim 24, as listed above, there would not be any 
motivation to arrive at Applicant's claimed invention. Thus, Applicant's amended 
claim 24 is not obvious over Abadi in view of Menezes and further in view of Swift 
since a prima facie case of obviousness has not been met under MPEP §2142. 
Additionally, the claim that indirectly depends from amended claim 24, namely claim 
27, would also not be obvious over Abadi in view of Menezes and further in view of 
Swift for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 103(a) rejection for claim 27 is 
respectfully requested. 

C. It is asserted in the Office Action that claims 31 and 44 are rejected in the Office 
Action under 35 U.S.C. § 103(a) as being obvious over Abadi in view of Menezes, and 
further in view of U. S. Patent No. 6,006,333 issued to Nielsen ("Nielsen "). Applicant 
respectfully traverses the aforementioned rejection for the following reasons. 

Applicant's claim 31 directly depends on amended claim 30. Applicant's claim 
44 directly depends on amended claim 43. Applicant has discussed claims 24 and 30 
regarding Abadi and Menezes above in sections V(B) and VI(A). 

Nielsen discloses a user operating a client system can access multiple remote 
servers that each require distinct passwords with a master password. Nielsen, 
however, does not teach, disclose or suggest "determining a specific salt value 
associated with the software application," "generating a hash from a particular salt 
value associated with a specific software application and input data," or "generate a 
hash from a particular salt value associated with a specific software application and 
input data." 
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Therefore, even if Abadi and Menezes were combined with Nielsen, the resulting 
invention would still not include all of Applicant's claimed limitations. Since neither 
Abadi, Menezes, Swift nor the combination of the three, teach, disclose or suggest all 
the limitations of Applicant's amended claims 30 and 43, as listed above, there would 
not be any motivation to arrive at Applicant's claimed invention. Thus, Applicant's 
amended claims 30 and 43 are not obvious over Abadi in view of Menezes and further 
in view of Nielsen since a prima facie case of obviousness has not been met under MPEP 
§2142. Additionally, the claims that directly depends from amended claims 30 and 43, 
namely claims 31, and 44, respectively, would also not be obvious over Abadi in view of 
Menezes and further in view of Nielsen for the same reason. 

Accordingly, withdrawal of the 35 U.S.C § 103(a) rejection for claims 31 and 44 is 
respectfully requested. 

D. It is asserted in the Office Action that claims 40-42 and 52-54 are rejected in the 
Office Action under 35 U.S.C. § 103(a) as being obvious over Abadi in view of Menezes, 
and further in view of U.S. Patent Application No. 6,601,175 issued to Arnold et al. 
("Arnold' 7 ). Applicant respectfully traverses the aforementioned rejection for the 
following reasons. 

Applicant's claims 40-42 depend on amended claim 30. Claims 52-54 depend on 
amended claim 43. Applicant has discussed Abadi and Menezes above in sections V(B) 
and VI(A). 

Arnold discloses a data processing system features are protected using a 
machine-specific limited-life password. The data processing system includes execution 
resources for executing a watchdog program, a limited-life value generator, and non- 
volatile storage that stores a machine-specific value partially derived from relatively 
unique information associated with the data processing system, such as a secret control 
password. The limited-life value can represent a timestamp that limits the duration that 
the machine-specific limited-life value is valid or a nonce that limits the number of 
times that the machine-specific limited-life value can be used. Arnold, however, does 
not teach, disclose or suggest "determining a specific salt value associated with the 
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software application/' "generating a hash from a particular salt value associated with a 
specific software application and input data/' or "generate a hash from a particular salt 
value associated with a specific software application and input data/' 

Therefore, even if Abadi and Menezes were combined with Arnold, the resulting 
invention would still not include all of Applicant's claimed limitations. Since neither 
Abadi, Menezes, Arnold nor the combination of the three, teach, disclose or suggest all 
the limitations of Applicant's amended claims 30 and 43, as listed above, there would 
not be any motivation to arrive at Applicant's claimed invention. Thus, Applicant's 
amended claims 30 and 43 are not obvious over Abadi in view of Menezes and further 
in view of Arnold since a prima facie case of obviousness has not been met under MPEP 
§2142. Additionally, the claims that directly depends from amended claims 30 and 43, 
namely claims 40-42, and 52-54, respectively, would also not be obvious over Abadi in 
view of Menezes and further in view of Arnold for the same reason. 

Accordingly, withdrawal of the 35 U.S.C. § 103(a) rejections for claims 40-42 and 
52-54 are respectfully requested. 
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CONCLUSION 

In view of the foregoing, it is submitted that claims 24-54 patentably define the 
subject invention over the cited references of record, and are in condition for allowance 
and such action is earnestly solicited at the earliest possible date. If the Examiner 
believes a telephone conference would be useful in moving the case forward, he is 
encouraged to contact the undersigned at (310) 207-3800. 

If necessary, the Commissioner is hereby authorized in this, concurrent and 
future replies, to charge payment or credit any overpayment to Deposit Account No. 02- 
2666 for any additional fees required under 37 C.F.R. §§1.16 or 1.17, particularly, 
extension of time fees. 

Respectfully submitted, 

BLAKELY, SOKOLOFF, TAYLOR^& ZAFMAN LLP 



Dated: October 18, 2004 

Steven'Laut, Reg. No. 47,736 
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